Best Practices in Accepting Bankcards for Payment


Following best practices in accepting credit and debit cards helps you treat all customers fairly and honor cards without discrimination. It also helps you stay vigilant about security. To follow best practices:

Do:
  •    Use a terminal or third party terminal provider service that truncates the card expiration date and all but the last 4 digits of the card number on the cardholder copy of the receipt. (Note: Merchant copy of receipt bearing signature may display full account number and expiration date)
  •    Store all materials containing cardholder account information in a restricted/secure area
  •    Limit access to sales drafts, reports, or other sources of cardholder data to your employees on a need to know basis
  •    Render materials containing cardholder account information unreadable prior to discarding
  •    Retain legal control over cardholder transaction data and personal cardholder information if you use a third party
  •    Limit access to Global Payments’ systems requiring unique operator log-in and notify Global immediately of staff terminations or changes
  •   Immediately notify Global Risk Management of any suspected or confirmed loss or theft of materials or records that contain account information retained by merchant or its third party
  •    Immediately notify Global Payments of the use of an agent or third party provider not identified on the Merchant Application
  •   Communicate these requirements to your third party provider and/or third party terminal provider and direct them to card association information, publications, and/or Web sites regarding safeguarding cardholder transaction data
  •   Require your third party provider to adhere to CISP, AIS, and MasterCard data security requirements 
  •   Retain sales drafts for 18 months
  •   Display proper signage

Don’t:
 
  •   Process cash advance transactions unless you are a financial institution approved to do so through your merchant account
  •   Assign a minimum or maximum purchase amount, or add a surcharge or fee
  •   Restrict bankcard use (for a sale or discounted item)
  •   Use a bankcard to guarantee a check
  •   List a cardholder’s personal information on a bankcard sales slip (unless the authorization operator requests it)
  •   Record CVV2/CVC2/CID on sales draft (only the one-digit result code can be recorded or retained)
  •   Retain sensitive cardholder data if expressly prohibited, including complete contents of a card’s magnetic stripe (subsequent to the authorization)
  •   Sell, transfer, or disclose cardholder account information or personal information (This information should be released only to Global or Member, or as specifically required by law. If you want to participate in a loyalty program, the loyalty vendor must be CISP certified by Visa and implemented in accordance with processes and procedures.)
  •   Deny a purchase because a cardholder refuses to provide additional identification such as telephone number, address, social security number, or driver’s license
  •   Use any telephone number other than the official number provided for authorization of a transaction

 

You May Ask for Personal Information When:
  •   Store policy is to request it for all payment methods including checks and cash. You cannot make providing information a condition of the sale, unless local laws allow
  •   You need this information to deliver an order
  •   The authorization operator specifically requests you obtain it
  •   The card is not signed and you must have the cardholder sign it and check the signature against another piece of identification

Never Honor a Bankcard When:
 
  •   The customer does not have the actual bankcard
  •   The card appears to have been altered or tampered with
  •   Authorization is declined, or you’re told to pick up the card
  •   The signatures do not match